We’re living in the age of rapid growth of cloud environments. More organizations scale their development process in the cloud with multiple accounts and endless number of services. Manual security and compliance assessments are not realistic, and now it is clear that manual remediation of failed security testing becomes challenging and consumes a lot of resources.

Dome9 introduced its own solution for automatic remediation last year, CloudBots for AWS. Now it’s the time to introduce the latest automatic remediation solution for Azure and GCP.

CloudBots to the rescue

CloudBots is an open-source project on GitHub that provides the agility needed to keep up with the pace of securing dynamic cloud applications. The CloudBots technology is developed by the CloudGuard Dome9 team for auto-remediation and continuous compliance for cloud environments. The bots are triggered by findings identified by Dome9’s Continuous Compliance engine.

The remediation platform is deployed within your cloud account on AWS, using Lambda; subscription on Azure, using Azure Function; or project in GCP, using cloud functions. CloudBots do not require providing Dome9 write permissions to your cloud environment – you can continue using Dome9 in a read-only mode.

The CloudBots architecture is very simple. Let’s take for example – Azure CloudBots architecture:

The Cloud Function, on which the CloudBots is deployed, is configured to expose an HTTP endpoint, to which the Dome9 Compliance Engine sends its findings stream. The Cloud Function, responsible to execute the required bot based on the configuration.

The bots use Azure SDK or REST API calls to the Azure platform to apply the remediation action.

Report back on the remediation action operation can be made using Azure SendGrid.

CloudBots can operate cross-subscription, once the proper trust is established between them, scaling out the remediation operation.

The CloudBots Auto-Remediation Flow

Dome9 will continuously scan the subscriptions and generate findings on services that do not comply with the applied standards by an HTTP connector.

On compliance rules that should be automatically remediated you’d add remediation actions and parameters. This information will be sent with the findings.

The Cloud Function reads the finding message tags and looks for a tag that matches
AUTO: <action> <params>.

If any of those AUTO tags match a remediation that we have built out, it’ll call that bot.

Once the function is finished working, it posts the action results to SendGrid.

Automate your compliance and remediate misconfigurations

There are many benefits in using CloudBots:

Automate the entire compliance and security process.

Reduce the amount of resources required to fix the discovered compliance and security issues.

No additional permissions required, as the platform is deployed within the environment.

Open source, extensible solution – but powered and supported by Check Point.